Lucene search
+L

36 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 2:49 a.m.3 views

postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module

A flaw was found in PostgreSQL. A stack buffer overflow in the 'refint' module allows an unprivileged database user to execute arbitrary code as the operating system user running the database. Additionally, a separate vulnerability exists where, if an application uses a user-controlled column as ...

8.8CVSS7.3AI score0.00378EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Oracle Linux 9 : unbound (ELSA-2026-18931)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-18931 advisory. 1.24.2-2 - Switch TLS configuration to follow TLS sockets by crypto-policy again RHEL-147860 - Change the default of tls-use-system-policy-versions at...

7.5CVSS7AI score0.01743EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 12:3 p.m.8 views

RLSA-2026:26447 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain...

7.5CVSS7.6AI score0.00621EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/17 8:2 a.m.4 views

postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module

A flaw was found in PostgreSQL. A stack buffer overflow in the 'refint' module allows an unprivileged database user to execute arbitrary code as the operating system user running the database. Additionally, a separate vulnerability exists where, if an application uses a user-controlled column as ...

8.8CVSS7.3AI score0.00378EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.18 views

AlmaLinux 10 : podman (ALSA-2026:24470)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24470 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...

7.5CVSS5.6AI score0.00621EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

OpenSSL 加密问题漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 1:27 p.m.16 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
OSV
OSV
added 2026/05/29 4:3 p.m.20 views

RLSA-2026:19137 Important: go-fdo-server security update

This package provides a server-side implementation of the FIDO Device Onboard FDO specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location...

8.3CVSS7.1AI score0.00621EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 12:42 a.m.9 views

CLSA-2026-1779120418 git-lfs: Fix of CVE-2026-32283

rebuild with golang 1.25.7-1.el96.tuxcare.els5 to fix CVE-2026-32283 - CVE-2026-32283: prevent denial of service in crypto/tls caused by multiple TLS 1.3 key update messages in a single record...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 12:0 a.m.20 views

ALSA-2026:19139 Important: go-fdo-client security update

go-fdo-client is the device-side implementation of FIDO Device Onboard specification in Go. It provides an FDO client that interacts with FDO manufacturer and owner servers to perform device on-boarding. Security Fixes: crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 2:16 p.m.5 views

UBUNTU-CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 1:0 p.m.62 views

CVE-2026-6637

The CVE-2026-6637 issue affects PostgreSQL’s refint module, causing a stack buffer overflow that could allow an unprivileged database user to execute arbitrary OS-level code running the database. A separate attack path exists when an application exposes a user-controlled column as a refint cascad...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/11 10:53 p.m.9 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.21 views

RHEL 9 : buildah (RHSA-2026:16102)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16102 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

10CVSS6.9AI score0.01945EPSS
Exploits4References14
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.13 views

RHEL 7 : host-metering (RHSA-2026:16101)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16101 advisory. Host metering service Security Fixes: crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages CVE-2026-32283 F...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 12:3 p.m.20 views

RLSA-2026:14200 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282...

7.8CVSS5.8AI score0.00621EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/27 2:21 a.m.7 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/10 9:26 p.m.7 views

CVE-2026-39304

A flaw was found in Apache ActiveMQ Client, Apache ActiveMQ Broker, and Apache ActiveMQ. A remote attacker can exploit this vulnerability by rapidly triggering Transport Layer Security TLS version 1.3 handshake KeyUpdates. This improper handling of KeyUpdates causes the broker to exhaust its memo...

7.5CVSS5.7AI score0.00896EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/10 12:31 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NIO SSL transport processing. An attacker can cause the broker to exhaust all available...

8.7CVSS5.8AI score0.00896EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 12:31 p.m.3 views

GHSA-5568-6QCG-G7FX Apache ActiveMQ: Denial of Service via Out of Memory vulnerability

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

7.5CVSS5.8AI score0.00896EPSS
Exploits0References4
Rows per page
Query Builder